The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Suspicious file": Could not update to Drupal 7.22 on cPanel CentOS server.

Discussion in 'Security' started by SandPond, Apr 9, 2013.

  1. SandPond

    SandPond Registered

    Joined:
    Apr 9, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Could not update to Drupal 7.22 on cPanel CentOS server. Received a fatal error whitescreen relating to not finding panels/minipanels scripts. When I turned off all modules related to panels/minipanels, and retried the update, I recived as list of messages reporting missing modules: ctools,rules,wysiwyg, etc.

    Going through server logs I found the following in /var/log/lfd.log:

    Apr 8 19:26:22 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/rules/rules.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/ctools.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/page_manager/page_manager.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/page_manager/theme/page-manager-edit-page.tpl.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/stylizer/plugins/export_ui/stylizer_ui.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/ctools.drush.sh [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/cached/ctoolsCachedPluginArray2.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/cached/ctoolsCachedPluginArray.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/not_cached/ctoolsNotCachedPluginArray2.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:24 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/not_cached/ctoolsNotCachedPluginArray.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:24 vps lfd[4904]: Too many hits for *LF_DIRWATCH* - Directory Watching disabled
    Apr 8 19:29:23 vps lfd[5132]: *User Processing* PID:5126 Kill:0 User:myuser VM:291(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/myuser/public_html/drupal/index.php
    Apr 8 19:26:24 vps lfd[4904]: Too many hits for *LF_DIRWATCH* - Directory Watching disabled

    QUESTION 1: Why is the Drupal update process (or update gunzip decompression process) generating "Suspecious Files" warnings and leaving directories of files in /tmp instead of in the Drupal installation directory where they were destined ???
    QUESTION 2: Is this a security concern, a Drupal 7.22 update problem, or merely a cPanel CFS (security) configuration issue ???
    QUESTION 3: What should be done ??? I am guessing that others may also encounter this issue.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Drupal nor CSF are cPanel products, you might want to look into this at Drupal support. Were you attempting to install this from command line I take it?
     
Loading...

Share This Page